jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/405807 )
Change subject: Ensure creds are always set in primary provider
......................................................................
Ensure creds are always set in primary provider
We need to explicitly set the user's pw in the primary provider on
account creation, as AuthManager makes no assumptions about it, and as
such users were getting set up with null credentials (preventing them
from logging in).
Now that this is resolved, re-enabled the secondary screen to change
password as default.
Change-Id: Icf549f241181976af2398051542f0140b0d62f63
---
M ExternalWikiPrimaryAuthenticationProvider.php
M extension.json
2 files changed, 14 insertions(+), 2 deletions(-)
Approvals:
Skizzerz: Looks good to me, approved
jenkins-bot: Verified
diff --git a/ExternalWikiPrimaryAuthenticationProvider.php
b/ExternalWikiPrimaryAuthenticationProvider.php
index 4de21dd..686e5ba 100644
--- a/ExternalWikiPrimaryAuthenticationProvider.php
+++ b/ExternalWikiPrimaryAuthenticationProvider.php
@@ -13,6 +13,7 @@
{
protected $cookieJar;
private $userCache = [];
+ private $pwKey = 'MediaWikiAuth-userpw'; // should be private const,
but that's PHP 7.1+
public function __construct( array $params = [] ) {
parent::__construct( $params );
@@ -56,6 +57,10 @@
return AuthenticationResponse::newAbstain();
}
+ // Save the user password so we can set it in
autoCreatedAccount (otherwise the user has
+ // null credentials unless they go through the optional
password change process)
+ $this->manager->setAuthenticationSessionData( $this->pwKey,
$req->password );
+
// Grab remote MediaWiki version; our auth flow depends on what
we get back
$resp = $this->apiRequest( 'GET', [
'action' => 'query',
@@ -89,6 +94,7 @@
if ( $resp->login->result !== 'Success' ) {
$this->logger->info( 'Authentication against
legacy remote API failed for reason ' . $resp->login->result,
[ 'remoteVersion' => $remoteVersion,
'caller' => __METHOD__, 'username' => $username ] );
+
$this->manager->removeAuthenticationSessionData( $this->pwKey );
return AuthenticationResponse::newFail(
wfMessage( 'mwa-authfail' ) );
}
} else {
@@ -117,6 +123,7 @@
if ( $resp->clientlogin->status !== 'PASS' ) {
$this->logger->info( 'Authentication against
modern remote API failed for reason ' . $resp->clientlogin->status,
[ 'remoteVersion' => $remoteVersion,
'caller' => __METHOD__, 'username' => $username ] );
+
$this->manager->removeAuthenticationSessionData( $this->pwKey );
return AuthenticationResponse::newFail(
wfMessage( 'mwa-authfail' ) );
}
}
@@ -143,6 +150,11 @@
return;
}
+ // ensure the user can log in even if we don't do secondary
password reset
+ $password = $this->manager->getAuthenticationSessionData(
$this->pwKey );
+ $this->manager->removeAuthenticationSessionData( $this->pwKey );
+ $user->setPassword( $password );
+
// $user->saveChanges() is called automatically after this runs,
// so calling it ourselves is not necessary.
// This is where we fetch user preferences and watchlist to
save locally.
diff --git a/extension.json b/extension.json
index d62130b..3a0b39e 100644
--- a/extension.json
+++ b/extension.json
@@ -1,6 +1,6 @@
{
"name": "MediaWikiAuth",
- "version": "1.0.0",
+ "version": "1.1.0",
"author": [
"Laurence Parry",
"Jack Phoenix",
@@ -12,7 +12,7 @@
"license-name": "GPL-2.0+",
"type": "other",
"config": {
- "MediaWikiAuthAllowPasswordChange": false,
+ "MediaWikiAuthAllowPasswordChange": true,
"MediaWikiAuthApiUrl": "",
"MediaWikiAuthImportGroups": true,
"MediaWikiAuthImportWatchlist": true,
--
To view, visit https://gerrit.wikimedia.org/r/405807
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Icf549f241181976af2398051542f0140b0d62f63
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/MediaWikiAuth
Gerrit-Branch: master
Gerrit-Owner: Skizzerz <[email protected]>
Gerrit-Reviewer: Daniel Friesen <[email protected]>
Gerrit-Reviewer: Legoktm <[email protected]>
Gerrit-Reviewer: Skizzerz <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
